<?php

session_start();
include("load-settings.php");

if(!isset($_SESSION['user']))
	header("Location: login.php");

$user = mysql_real_escape_string($_SESSION['user']);
$result = mysql_query("SELECT * FROM user WHERE id = $user") or die(mysql_error());
$row = mysql_fetch_array($result);

if($row['type'] != 2 && $row['type'] != 3)
	header("Location: home.php");

$order = mysql_real_escape_string($_POST['order_num']);
$buyer = mysql_real_escape_string($_POST['buyer']);
$booster = mysql_real_escape_string($_POST['booster']);
$wins = mysql_real_escape_string($_POST['wins']);
$losses = mysql_real_escape_string($_POST['losses']);
$goal = mysql_real_escape_string($_POST['goal']);
$start_tier = mysql_real_escape_string($_POST['start_tier']);
$start_division = mysql_real_escape_string($_POST['start_division']);
$end_tier = mysql_real_escape_string($_POST['end_tier']);
$end_division = mysql_real_escape_string($_POST['end_division']);
$status = mysql_real_escape_string($_POST['status']);
$payout = mysql_real_escape_string($_POST['payout']);
$booster_payout = mysql_real_escape_string($_POST['booster_payout']);
$summoner = mysql_real_escape_string($_POST['summoner']);
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$region = mysql_real_escape_string($_POST['region']);
$beginning_stats = mysql_real_escape_string($_POST['beginning_stats']);

if($goal == "")
	$goal = 'null';
if($wins == "")
	$wins = 'null';
if($losses == "")
	$losses = 'null';
if($end_division == "")
	$end_division = 'null';

$result = mysql_query("SELECT * FROM order_record WHERE id = $order") or die(mysql_error());

if(mysql_num_rows($result) == 0)
	header("Location: orders-admin.php");

$subresult = mysql_query("SELECT * FROM booster_order WHERE order_record = $order AND active <> 0") or die(mysql_error());

if(mysql_num_rows($subresult) == 0 && $booster != "None")
	mysql_query("INSERT INTO booster_order (booster, order_record, current_tier, wins, current_division, timestamp, active, losses, last_match) VALUES ($booster, $order, '$start_tier', $wins, $start_division, ".time().", $status, $losses, ".time().")") or die(mysql_error());
else if($booster != "None" && $booster != $subrow['booster'])
{
	mysql_query("UPDATE booster_order SET active = 0, unclaim_time = ".time()." WHERE order_record = $order AND active <> 0") or die(mysql_error());
	mysql_query("INSERT INTO booster_order (booster, order_record, current_tier, wins, current_division, timestamp, active, losses, last_match) VALUES ($booster, $order, '$start_tier', $wins, $start_division, ".time().", $status, $losses, ".time().")") or die(mysql_error());
}
else if($booster != "None")
{
	mysql_query("UPDATE booster_order SET booster = $booster, current_tier = '$start_tier', wins = $wins, current_division = $start_division, active = $status, losses = $losses, WHERE order_record = $order") or die(mysql_error());
}
else if($booster == "None")
	mysql_query("UPDATE booster_order SET active = 0, unclaim_time = ".time()." WHERE order_record = $order AND active <> 0") or die(mysql_error());

if($status == 0)
	$complete = 1;
else
	$complete = 0;

mysql_query("UPDATE order_record SET number_of_wins = $goal, start_tier = '$start_tier', start_division = $start_division, end_tier = '$end_tier', end_division = $end_division, complete = $complete, payout = $payout, booster_payout = $booster_payout, summoner = '$summoner', username = '$username', password = '$password', region = '$region', beginning_stats = '$beginning_stats', user = $buyer WHERE id = $order") or die("UPDATE order_record SET number_of_wins = $goal, start_tier = '$start_tier', start_division = $start_division, end_tier = '$end_tier', end_division = $end_division, complete = $complete, payout = $payout, booster_payout = $booster_payout, summoner = '$summoner', username = '$username', password = '$password', region = '$region', beginning_stats = '$beginning_stats', user = $buyer WHERE id = $order");

header("Location: orders-admin.php");

?>